
Cs558: Introduction to security
S-Boxes
❖ The substitution consists of a set of 8 S-boxes, each of which accepts 6 bits as input and produces 4 bits as output.
  ○ The first and last bits of the input to S_i form a 2-bit binary number to select one of 4 substitutions defined by the four rows (0, 1, 2, 3) in the table for S_i.
  ○ The middle 4 bits select one of 16 columns (0-15).
  ○ In S_1, input 011001:
    ■ The row is 01 (row 1)
    ■ The column is 1100 (column 12)
    ■ The value is 9, so the output is 1001.
  ○ Assume the output is 4; what are the possible inputs?
    ■ Row 0, column 1: 000010; row 1, column 3: 000111
    ■ Row 2, column 0: 100000; row 3, column 4: 101001
S-Box: Design Criteria
❖ The design of the round function focuses on the design of S-boxes and on the permutation P.
❖ The design was primarily aimed at thwarting differential cryptanalysis.
  ○ Any change to the input to an S-box should result in random-looking changes to the output.
  ○ No output bit of any S-box should be too close a linear function of the input bits.
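
An added example (not part of the original slides): it performs the row/column lookup and the inverse "which inputs give 4?" question on the standard DES S_1 table, and goes one step beyond the slides by counting output differences per input difference, the quantity the differential-cryptanalysis criterion is meant to keep flat. The table is the published DES S_1; the function names are illustrative assumptions.

```python
# Added example. S1 is the standard DES S-box 1; helper names are illustrative.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def split_input(x):
    """Split a 6-bit input into (row, column) as the slides describe."""
    if not 0 <= x < 64:
        raise ValueError("S-box input must fit in 6 bits")
    row = ((x >> 5) << 1) | (x & 1)  # first and last bits
    col = (x >> 1) & 0xF             # middle four bits
    return row, col


def sbox(x, table=S1):
    """Look up the 4-bit output for a 6-bit input."""
    row, col = split_input(x)
    return table[row][col]


def preimages(y, table=S1):
    """All 6-bit inputs that map to output y (each row contributes one)."""
    return [x for x in range(64) if sbox(x, table) == y]


def ddt_row(dx, table=S1):
    """For input difference dx, count inputs x per output difference S(x) ^ S(x ^ dx)."""
    counts = [0] * 16
    for x in range(64):
        counts[sbox(x, table) ^ sbox(x ^ dx, table)] += 1
    return counts


def max_ddt_entry(table=S1):
    """Largest count over all nonzero input differences (64 would be a certain differential)."""
    return max(max(ddt_row(dx, table)) for dx in range(1, 64))


if __name__ == "__main__":
    print(f"S1(011001) = {sbox(0b011001):04b}")
    print("inputs giving 4:", [f"{x:06b}" for x in preimages(4)])
    print("counts for input difference 110100:", ddt_row(0b110100))
    print("largest count for any nonzero difference:", max_ddt_entry(), "of 64")
```

Each output value has exactly four preimages because every row of the table is a permutation of 0-15.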